Signal Disruption

In today’s world everyone is using messenger applications. Many users prefer using messengers that have strong encryption built-in for obvious reasons from confidentiality to hiding data from investigators. One such app used by messengers due to the confidentiality and privacy they provide. Signal is one of these messengers and has been labeled one of the most widely used, next to Telegram, used by people living in regions known for corruption. *

Signal
is a messenger often used by security minded users; offering secure chats and
calls.

Signal is a free open source application available for both iOS and Android mobile devices, PCs and Macs. It was Edward Snowden who called Signal the most reliable messenger in the world on his Twitter feed in 2015.

The application provides
end-to-end encryption allowing users to send encrypted group and individual
text messages, photos and video files, and make encrypted phone and video calls
without being intercepted while in transit. The messenger uses the ZRTP
cryptographic protocol and an AES (Advanced Encryption Standard) algorithm with
a key length of 128 bits.

What
makes it so secure

First, end-to-end
encryption. Signal stores encryption keys only on the user’s device, without
sending them to the server. Thus, only the sender and the recipient are
included in the process of information exchange.

Second, a secure
encryption protocol. The main difference between Signal and its current competitors
lays in reliable encryption algorithms. The security community is highly
appreciative of the crypto scheme used by the messenger. Third, storing
encryption keys in Android KeyStore. Android KeyStore,
much like the iOS Keychain, is a storage location containing software and
hardware encryption keys on devices running. The KeyStore is used by
Java-programs to encrypt data, authenticate, and establish HTTPS connection.

Signal
as a source of evidence

According to Signal
developers, it is almost impossible to bypass Signal’s built in protections. However,
data transmitted and received using Signal is often the key to the investigation
so providing a solution to the decoding of this data is essential.

Oxygen Forensic®
Detective enables extraction and decryption of encryption keys from the Android
KeyStore on Android devices that are not using hw-backed keys in the encryption
process. Due to this, access was made to the Signal encryption keys, which in
turn, can be used to decrypt the app’s data. With this decoding method, data
uncovered consists of: